CHANGELOG.MD

Version 2.1.0.0 (16-12-2025)

🆕 New Features

• Export command script (.ps1) feature:
  • Supports Windows Certificate Store, PFX, and Azure Trusted Signing modes with per-file signing and exit code checks
  • Optional BatchMode for Trusted Signing (single signtool call for multiple files)

🔧 Improvements

• Smaller UI updates for better user experience
• Persist Trusted Signing options (Code Signing Account Name and Certificate Profile) between sessions
• Restore last "Files to Sign" list on startup (from tool config)
• Improved error handling and logging for Trusted Signing operations
• Add detailed Trusted Signing diagnostics in logs:
  • Log exact SignTool arguments used for the call
  • Log resolved and better check for absolute paths for DLIB and DMDF and the current working directory
• Update Trusted Signing tools from 1.0.68 to 1.0.95 and migrate to .NET 8.0 and modernize codebase
  • Removed .NET 6.0 dependencies and updated runtime to .NET 8.0 and removed unused assemblies and legacy runtime features.
• Improved performance with optimizations in string and buffer handling
• Pre-flight validation in exported scripts:
  • Verifies paths (SignTool, PFX, DLIB) and normalizes input files with Resolve-Path
  • Aggregates failures and reports a single error summary

🔄 Changed

• Trusted Signing export now creates DMDF JSON on-the-fly and removes it in a finally block
• Exported script header timestamp format changed to "HH:mm:ss dd-MM-yyyy"
• Exported scripts now emit absolute file paths for reliability

Version 2.0.0.0 (11-09-2025)

🆕 New Features

• Added certificate monitoring functionality with new CertificateMonitor class and CertificateStatus Form
• Introduced comprehensive timestamp server management system
  • New TimestampServerEditForm for adding and editing individual timestamp servers
  • New TimestampServerManagementForm for centralized server configuration management
  • Added TimestampServer and TimestampManager classes for server handling and orchestration
  • Dynamic interface adaptation: "Timestamp Servers" for PFX/Certificate Store and "Endpoints" for Trusted Signing
• Built-in timestamp server availability testing and health monitoring
• Support for server prioritization, enabling/disabling, and timeout configuration
• Added certificate type persistence - application now remembers your preferred signing method (Windows Certificate Store, PFX Certificate, or Trusted Signing)

🎨 User Interface Enhancements

• Enhanced MainForm UI with new menu options for certificate monitoring and timestamp server management
• Introduced color-coded alerts for certificate expiry in both Windows Certificate Store and PFX scenarios
• Improved certificate information display with better visual feedback
• Added intuitive forms for managing timestamp server configurations
• Context-aware UI labels that change based on signing type (Trusted Signing vs. traditional methods)
• Added search functionality for certificates (Windows Certificate Store) for name, thumbprint and issuer in the list

🔒 Security Improvements

• Major Security Enhancement: Completely redesigned password encryption system
  • Replaced hardcoded encryption keys with machine-specific key derivation
  • Upgraded from basic encryption to AES-256 with PBKDF2 key derivation (100,000 iterations)
  • Implemented automatic migration from old encryption format to new secure method
  • Added machine-specific entropy sources (hardware identifiers, system properties)
  • Passwords encrypted on one machine cannot be decrypted on another (intentional security feature)
• Enhanced certificate validation and password security handling

🏗️ Architecture Improvements

• Refactored signing classes (SignerPfx, SignerThumbprint, SignerTrustedSigning) to inherit from new SignerBase abstract class
• Centralized common signing logic, reducing code redundancy and improving maintainability
• Added new SecurePasswordManager class for robust password encryption/decryption
• Enhanced certificate validation and monitoring capabilities
• Improved error handling and validation for certificate paths and passwords
• Better separation of concerns with dedicated security and configuration management classes

⚡ Performance & Reliability

• Implemented asynchronous operations for better application responsiveness
• Enhanced logging system for improved troubleshooting and debugging
• Added automatic failover to backup timestamp servers when primary servers are unavailable
• Improved stability when handling certificate operations and network-related timestamp failures
• Better configuration persistence and loading mechanisms

🐛 Bug Fixes

• Better error recovery for network-related timestamp failures
• Enhanced validation for certificate operations
• Improved stability in certificate monitoring scenarios
• Fixed configuration loading order to prevent UI overrides
• Better handling of corrupted or incompatible password data

🔧 Technical Details

• Enhanced compatibility with .NET Framework 4.8
• Improved machine-specific key generation using multiple entropy sources
• Added comprehensive error handling and logging for security operations
• Backward compatibility maintained through automatic password migration system
• Changed configuration file name to Config.ini for clarity (previously Data.ini)

Think I have it all now, but can be I forgot something - a lot of work went into this release, so please test it thoroughly and report any issues you find 😉

---

This release represents a major milestone in security and usability, significantly enhancing the reliability, user experience, and enterprise-readiness of the SignTool GUI. The new security architecture ensures that sensitive certificate passwords are protected with industry-standard encryption while maintaining seamless user experience through automatic migration and intelligent configuration management.

---

Version 1.4.0.0 (17-03-2025):

• Updated Trusted Signing from v0.1.103.0 to the latest v0.1.108.0
• The tool now only displays Code Signing certificates with a private key for selection
• Added a direct link to the Azure Portal to help you find your Trusted Signing accounts
• New option to enable or disable timestamping when signing (supported for .pfx and Certificate Store certificates)
• Improved error handling and logging
• Added support for more versions of the Windows SDK
• New "Select All" option for bulk selecting/unselecting files to sign
• Minor UI improvements for a better user experience

Version 1.3.0.0 (18-07-2024):

• Add support for Microsoft Trusted Signing
• Add check for if tool is code signed (via Windows API, valid or valid with my Code Signing Certificate via Thumbprint hosted on GitHub)
• Add multiple timestamp servers- Add save to logfile
• Bug fixes Like Certificate Store certs will reset on every sign

Version 1.2.2.0 (04-07-2024):

• Add code to DPI aware and SignTool via API
• Add more status messages to statusstrip for file operations
• Performance tweaks
• Change arch for default signtool.exe
• GUI changes
• Bug fixes

Version 1.2.1.0 (09-08-2023):

• Major release
• Added feature to find if signtool.exe is installed on the computer
• UI updates
• Add new feature for reset interface
• Add new feature for counting files
• Bug fixes like certificate information not showing up if saved cert at startup
• Minor changes
• Update shipped signtool.exe to last v.
• Updated to.net 4.8

Version 1.2.0.0 (30-06-2022):

• Feature additions
• Addressed issues

Version 1.0.4.0 (31-05-2021):

• Significant changes of logic and signing
• Overhauled GUI

Version 1.0.3.0 (30-04-2021):

• Fixed some bugs when signing multiple files at once from a folder
• Fixed issue for ECC SHA512 bug
• Performance enhancements

Version 1.0.2.0 (31-03-2021):

• More features added
• Several fixes in GUI text
• Performance tweaks
• UI enhancements

Version 1.0.1.0 (21-01-2021):

• Initial updates
• Bug fixes

Version 1.0.0.0 (11-01-2021):

• First release